Smartphone battery could play with privacy

A new study by researchers reveals some websites could be sniffing our battery status.

If your smartphone's or laptop's battery is running out of steam, you usually tend to charge it or switch to battery saving mode. You would never even think of it as a problem or a security threat, especially to your privacy. However, a new study on certain APIs has highlighted that the issue could be more than what it seems.

The researchers at the Princeton University found out that the battery status on your electronic device could trigger an event where your privacy could be at stake, online. However, the present study does not confirm whether this has been used for hacking, or privacy theft, but the results could be devastating.

Since your battery reports back to the operating system about the status of the existing power using APIs built into the software, it very well means the software is using this information to trigger some functions. This could be the battery saving mode, other than simply alerting you that there is 'x' amount of time remaining till the hardware shuts down. This simple and miniscule information from the battery can be disastrous if misused, according to security researchers.

Many internet users can be targetted from websites they hit. Researchers at the Princeton University have found that a small number of websites are now tracking devices with information about how much power or charge is left on the battery.

“We discovered two fingerprinting scripts utilizing the API during our manual analysis of other fingerprinting techniques. Script, https://go.lynxbroker.de/eat_heartbeat.js, retrieves the current charge level of the host device and combines it with several other identifying features. These features include the canvas fingerprint and the user's local IP address retrieved with WebRTC,” mentions the research report. “The second script, http://js.ad-score.com/score.min.js, queries all properties of the BatteryManager interface, retrieving the current charging status, the charge level, and the time remaining to discharge or recharge. As with the previous script, these features are combined with other identifying features used to fingerprint a device.”

As of now, it’s not known how websites are making use of information from the battery API. This could be used by rogue websites to track user information. The data can be used for targetted ads, products, etc, which could throw the user into websites plagued with virus and malware.